diff --git a/apiserver/plane/api/urls.py b/apiserver/plane/api/urls.py
index cf9ac92cf..93af9d762 100644
--- a/apiserver/plane/api/urls.py
+++ b/apiserver/plane/api/urls.py
@@ -315,7 +315,6 @@ urlpatterns = [
 "workspaces//members//",
 WorkSpaceMemberViewSet.as_view(
 {
- "put": "update",
 "patch": "partial_update",
 "delete": "destroy",
 "get": "retrieve",
@@ -425,7 +424,6 @@ urlpatterns = [
 ProjectMemberViewSet.as_view(
 {
 "get": "retrieve",
- "put": "update",
 "patch": "partial_update",
 "delete": "destroy",
 }
diff --git a/apiserver/plane/api/views/project.py b/apiserver/plane/api/views/project.py
index e9b1520fe..f6c4ed87d 100644
--- a/apiserver/plane/api/views/project.py
+++ b/apiserver/plane/api/views/project.py
@@ -409,6 +409,41 @@ class ProjectMemberViewSet(BaseViewSet):
 .select_related("workspace", "workspace__owner")
 )
+ def partial_update(self, request, slug, project_id, pk):
+ try:
+ project_member = ProjectMember.objects.get(pk=pk, workspace__slug=slug, project_id=project_id)
+ if request.user.id == project_member.member_id:
+ return Response(
+ {"error": "You cannot update your own role"},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ if request.data.get("role", 10) > project_member.role:
+ return Response(
+ {
+ "error": "You cannot update a role that is higher than your own role"
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ serializer = ProjectMemberSerializer(
+ project_member, data=request.data, partial=True
+ )
+
+ if serializer.is_valid():
+ serializer.save()
+ return Response(serializer.data, status=status.HTTP_200_OK)
+ return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+ except ProjectMember.DoesNotExist:
+ return Response(
+ {"error": "Project Member does not exist"},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ except Exception as e:
+ capture_exception(e)
+ return Response({"error": "Something went wrong please try again later"}, status=status.HTTP_400_BAD_REQUEST)
+
+
 class AddMemberToProjectEndpoint(BaseAPIView):
 permission_classes = [
diff --git a/apiserver/plane/api/views/workspace.py b/apiserver/plane/api/views/workspace.py
index 7f47c5baf..dcb8941a1 100644
--- a/apiserver/plane/api/views/workspace.py
+++ b/apiserver/plane/api/views/workspace.py
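Review bot: The role guard `request.data.get("role", 10) > project_member.role` compares the requested role with the role of the member being edited, not with the caller's role, although the error text says "higher than your own role". As written a caller can never raise anyone's role, and nothing in this hunk stops a caller from lowering the role of a member who outranks them; whether the viewset's permission classes already prevent that is not visible here. Look up the caller's own membership and compare against it, and run the check only when `role` is present, since the default of 10 makes a PATCH without `role` fail for any member whose role is below 10. The workspace.py hunk has the same comparison against `workspace_member.role`.

```python
    def partial_update(self, request, slug, project_id, pk):
        # … unchanged: try, project_member lookup, self-update check …

            # Authorise against the caller's membership, not the target's.
            requester = ProjectMember.objects.get(
                workspace__slug=slug, project_id=project_id, member=request.user
            )
            if project_member.role > requester.role:
                return Response(
                    {"error": "You cannot update a member whose role is higher than your own"},
                    status=status.HTTP_400_BAD_REQUEST,
                )
            if "role" in request.data and int(request.data["role"]) > requester.role:
                return Response(
                    {"error": "You cannot update a role that is higher than your own role"},
                    status=status.HTTP_400_BAD_REQUEST,
                )

        # … unchanged: serializer validation and save, except handlers …
```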
@@ -423,6 +423,43 @@ class WorkSpaceMemberViewSet(BaseViewSet):
 .select_related("member")
 )
+ def partial_update(self, request, slug, pk):
+ try:
+ workspace_member = WorkspaceMember.objects.get(pk=pk, workspace__slug=slug)
+ if request.user.id == workspace_member.member_id:
+ return Response(
+ {"error": "You cannot update your own role"},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ if request.data.get("role", 10) > workspace_member.role:
+ return Response(
+ {
+ "error": "You cannot update a role that is higher than your own role"
+ },
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
+ serializer = WorkSpaceMemberSerializer(
+ workspace_member, data=request.data, partial=True
+ )
+
+ if serializer.is_valid():
+ serializer.save()
+ return Response(serializer.data, status=status.HTTP_200_OK)
+ return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+ except WorkspaceMember.DoesNotExist:
+ return Response(
+ {"error": "Workspace Member does not exist"},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ except Exception as e:
+ capture_exception(e)
+ return Response(
+ {"error": "Something went wrong please try again later"},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+
 class TeamMemberViewSet(BaseViewSet):
 serializer_class = TeamSerializer
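Review bot: `WorkSpaceMemberSerializer(workspace_member, data=request.data, partial=True)` receives the whole request body, while the checks above it only look at `role`. If the serializer, which is not part of this diff, leaves `member` or `workspace` writable, the same PATCH could re-point the membership row without any check. Consider declaring them read-only on the serializer, e.g. `read_only_fields = ["member", "workspace"]`, or add a comment here stating which fields this endpoint is meant to change. The project.py hunk passes `request.data` to `ProjectMemberSerializer` in the same way.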